Add support for client failover to the ipa command-line.

This adds a new global option to the ipa command, -f/--no-fallback. If this
is included then just the server configured in /etc/ipa/default.conf is used.
Otherwise that is tried first then all servers in DNS with the ldap SRV record
are tried.

Create a new Local() Command class for local-only commands. The help
command is one of these. It shouldn't need a remote connection to execute.

ticket #15

1 files changed, 14 insertions, 0 deletions

diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
index 7e249b3ba..f7891768f 100644
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@@ -161,6 +161,20 @@ class NSSConnection(httplib.HTTPConnection):
         logging.debug("connect: %s", net_addr)
         self.sock.connect(net_addr)
 
+    def endheaders(self):
+        """
+        Explicitly close the connection if an error is returned after the
+        headers are sent. This will likely mean the initial SSL handshake
+        failed. If this isn't done then the connection is never closed and
+        subsequent NSS activities will fail with a BUSY error.
+        """
+        try:
+            # FIXME: httplib uses old-style classes so super doesn't work
+            httplib.HTTPConnection.endheaders(self)
+        except NSPRError, e:
+            self.close()
+            raise e
+
 class NSSHTTPS(httplib.HTTP):
     # We would like to use HTTP 1.1 not the older HTTP 1.0 but xmlrpclib
     # and httplib do not play well together. httplib when the protocol